<?php require_once("admin-header.php");?>
<?php if (!(isset($_SESSION['administrator'])|| isset($_SESSION['password_setter']) )){
	echo "<a href='../loginpage.php'>Please Login First!</a>";
	exit(1);
}
if(isset($_POST['do'])){
	//echo $_POST['user_id'];
	require_once("../include/check_post_key.php");
	//echo $_POST['passwd'];
	require_once("../include/my_func.inc.php");
	
	$user_id=$_POST['user_id'];
    $passwd =$_POST['passwd'];
    if (get_magic_quotes_gpc ()) {
		$user_id = stripslashes ( $user_id);
		$passwd = stripslashes ( $passwd);
	}
	$user_id=mysql_real_escape_string($user_id);
	$passwd=pwGen($passwd);
	$sql="update `users` set `password`='$passwd' where `user_id`='$user_id'  and user_id not in( select user_id from privilege where rightstr='administrator') ";
	mysql_query($sql);
	if (mysql_affected_rows()==1) echo "密码已经修改成功";
  else echo "没有找到该用户 或者 该用户为管理员";
}
?>

<center><h2>修改密码</h2></center>

<form class="form-horizontal col-sm-6 col-sm-offset-2" action="changepass.php" method="post">
<div class="form-group">
        <label class="col-sm-5 control-label">用户登陆名</label>
        <div class="col-sm-7">
        <input class="form-control" name="user_id" type="text"/></div>
</div>
<div class="form-group">
        <label class="col-sm-5 control-label">新密码</label>
        <div class="col-sm-7">
        <input class="form-control" name="passwd" type="password"/></div>
</div>

	<?php require_once("../include/set_post_key.php");?>
	<input type='hidden' name='do' value='do'>
<div class="form-group">
        <div class="col-sm-offset-5 col-sm-7">
            <input type="submit" class="btn btn-primary col-sm-8" value="提交"/>
        </div>
</div>
</form>
